Provably Fair

Every game outcome on the RGS is provably fair — players can independently verify that results were not manipulated. The system uses a commit-reveal scheme with HMAC-based PRNG.

How It Works

flowchart LR
    SS[Server Seed] --> Hash[SHA-256]
    Hash --> SH[Server Hash]
    SH --> |shown before play| Player
    SS --> PRNG
    CS[Client Seed] --> PRNG
    N[Nonce] --> PRNG
    PRNG --> Result[Game Outcome]
    SS --> |revealed after rotation| Player

Before play: The player sees the serverHash (SHA-256 of the server seed) — this commits the server to a specific seed without revealing it
During play: The PRNG combines serverSeed + clientSeed + nonce to produce each game outcome. The nonce increments with each round.
After rotation: The server seed is revealed. The player can hash it and confirm it matches the serverHash they were shown, then re-run the PRNG to verify every outcome.

Seed Lifecycle

Each player has a seed pair per operator and game. Seed pairs move through three states:

stateDiagram-v2
    [*] --> Upcoming: Auto-created on first bet
    Upcoming --> Active: POST /seed/rotate
    Active --> Retired: POST /seed/rotate
    Active --> Active: Nonce++ per round
    Retired --> [*]: Server seed revealed

State	Server Seed	Client Seed	Nonce
Upcoming	Hidden (only `serverHash` visible)	Not yet set	—
Active	Hidden (only `serverHash` visible)	Set by player or auto-generated	Increments per round
Retired	Revealed for verification	Visible	Final value

Seed pairs are automatically created on a player's first bet — one active pair and one upcoming pair.

Rotation

When a player rotates seeds via POST /seed/rotate:

Active → Retired

The current active pair is retired. The serverSeed is revealed so all past rounds can be verified.

Upcoming → Active

The upcoming pair becomes the new active pair. The player provides their clientSeed in the rotation request.

New Upcoming

A fresh upcoming pair is generated with a new server seed. Only the serverHash is visible.

Seeds cannot be rotated while a round is in progress.

Verification

After rotating seeds, players can verify any past round independently:

Get the Revealed Server Seed

Call POST /seed/reveal with the retired seed pair ID to get the serverSeed.

Confirm the Commitment

SHA-256 hash the revealed serverSeed and compare it to the serverHash that was shown before play. They must match — proving the server didn't change the seed after the fact.

Reproduce the Outcome

Call POST /game/verify with the serverSeed, clientSeed, nonce, and original game parameters. The result will match the original round outcome exactly.

The verify endpoint is pure computation — no money changes hands, no database writes occur. It simply re-runs the PRNG and game logic with the provided inputs.

Client Seed

Players must provide their own client seed when rotating via POST /seed/rotate. This ensures the player has direct input into the randomness used for their games.

Available Games

Integration Tester